Do you trust your team NOT to click on a dodgy email? Indeed, do you trust yourself?!
Do you have conversations with your team about the consequences of a phishing attack?
You may believe that your business is simply too small for you to become a victim of cybercrime. The companies that feature in the press suffering loss of business due to a ransomware attack tend to be national enterprises with multimillion-pound turnovers, but the hackers don’t discriminate; no company is too insignificant for them.
You can take measures to protect your staff from themselves:
- Spam filtering
- Strong passwords
- Multi factor authentication
Our blog about phishing considers the barriers you can erect and includes a cautionary tale of a real-life hacking attack.
It is a truth universally acknowledged, however, that the human factor is the weakest link. Emails will evade the blocking strategies, and they look much more authentic now that cybercriminals have AI at their disposal. You can arrange education for your workforce, but how can you be sure that the message has hit home?
During a training session, it is obvious which emails you need to be wary about, but on a busy Monday morning with an inbox packed to bursting with unread emails, could you cross your heart and promise that you will give that same level of attention to each email?
The solution: run random phishing tests!
The beauty of a tailored phishing test is that the emails can be designed to trigger the temptation to click the link in the recipients. Perhaps your technicians are tempted by a free Domino’s pizza. Maybe your accounts clerks rush to work on HMRC emails without doublechecking the actual sender. You will never know unless you run the test.
The test will achieve nothing if there is no penalty for attempting to interact with the rogue email. Think about the response you wish to give to the culprits and arrange some follow-up training, especially for repeat offenders.
Once your team are aware that test phishing emails will be landing in their inbox, they will hopefully treat all suspect emails with a bit more caution. So, in effect, the act of implementing phishing testing can prompt better behaviour even before any test emails have been sent out.
If you think phishing tests would be useful for your company, Computer Troubleshooters can arrange a trial for you. Once your team is aware that they can be tested at any time, they will hopefully be a bit more circumspect before they divulge their login credentials to a hacker.